<?php

require_once( '../../libs/smarty.inc' );

require_once( '../../libs/Class_DB.php' );

require_once( '../../libs/Class_ERROR.php' );

require_once( '../../libs/login.inc.php' );



if( !in_array( "H", $_SESSION['ADMIN_LOGIN']['AUTH_CD'] ) ) exit;



if( $_SERVER['REQUEST_METHOD'] == 'GET' ){

	

	$phase = 'input';

	

	if( isset($_GET['id']) && $_GET['id'] != '' ){

		

		if( is_numeric( $_GET['id'] ) ){

			

			$db = new Class_DB;



			$sql = "SELECT * FROM M_STAFF WHERE staff_id = " . $_GET['id'];

			$res = $db->query( $sql );

			$forms = mysql_fetch_array( $res, MYSQL_ASSOC );

			

			$sql = "SELECT * FROM D_STAFFAUTH WHERE staff_id = " . $_GET['id'];;

			$res = $db->query( $sql );

			while( $row = mysql_fetch_array( $res, MYSQL_ASSOC ) ){

				$forms['auth'][] = $row['auth_cd'];

			}		

		}	

	}

}else{	

	$forms = $_POST;	

	// 入力画面から（从输入屏幕）

	if( $forms['mode'] == 'input' ){

		$err = new Class_ERROR;		

		$err_mes['login_id']	= $err->check( $forms['login_id'], array("EXIST", "ALNUM") );

		$err_mes['login_pass']	= $err->check( $forms['login_pass'], array("EXIST", "ALNUM") );

		$err_mes['staff_name']	= $err->check( $forms['staff_name'], array("EXIST") );

		$err_mes['email']		= $err->check( $forms['email'], array("EXIST", "EMAIL") );



		// ログインID重複チェック（检查重复的登录ID）

		$db = new Class_DB;

		if( $forms['staff_id'] == '' ){

			$sql = sprintf("SELECT * FROM M_STAFF WHERE login_id = '%s'", 

				mysql_real_escape_string( $forms['login_id'] )

			);

		}else{

			$sql = sprintf("SELECT * FROM M_STAFF WHERE login_id = '%s' AND staff_id != %s",

				mysql_real_escape_string( $forms['login_id'] ),

				mysql_real_escape_string( $forms['staff_id'] )

			);

		}



		$res = $db->query( $sql );

		if( $db->num_rows() ){

			$err->clear = false;

			$err_mes['login_id'] = 'このIDは重複しています';

		}



		if( $err->clear ){

			$phase = 'confirm';

		}else{

			$phase = 'input';

		}



	}



	// 戻るボタン（后退按钮）

	if( $forms['mode'] == 'back' ){

		$phase = 'input';

	}



	// 確認画面から（在确认屏幕）

	if( $forms['mode'] == 'confirm' ){

		

		if( $forms['staff_id'] == '' ){

			//新規登録

			regist( $forms );

			$phase = 'complete';

			$smarty->assign('message', '登録が完了しました。');

		}else{

			//更新

			update( $forms );

			$phase = 'complete';

			$smarty->assign('message', '更新が完了しました。');

		}

		

	}

	

}







if( $phase == 'input' )		$smarty->assign('message', '登録内容を確認し、確認ボタンをクリックしてください。');

if( $phase == 'confirm' )	$smarty->assign('message', 'この内容で登録します。よろしいですか？');

( isset( $forms['staff_id'] ) ) ? $title = 'スタッフ更新' : $title = 'スタッフ登録';

$smarty->assign('title', $title);

$smarty->assign('arr_auth', $arr_auth);

$smarty->assign('phase', $phase);

if( isset( $forms ) ) $smarty->assign('forms', $forms);

if( isset( $err_mes ) ) $smarty->assign('err', $err_mes);



$smarty->display('web-admin/staff_form.html');





// 新規登録（新注册）

function regist( $fm ){

	

	$db = new Class_DB;

	

	$sql = "INSERT INTO M_STAFF(login_id, login_pass, staff_name, email, status, r_date, u_date) VALUES(

'" . $fm['login_id'] . "', '" . $fm['login_pass'] . "', '" . $db->quote($fm['staff_name']) . "', '" . $db->quote($fm['email']) . "', '" . $fm['status'] . "', CURRENT_TIMESTAMP, CURRENT_TIMESTAMP

)";

	$db->query( $sql );

	

	$staff_id = $db->last_id();

	

	foreach( $fm['auth'] as $k => $v ){

		$sql = "INSERT INTO D_STAFFAUTH(staff_id, auth_cd) VALUES($staff_id, '$v')";

		$db->query( $sql );

	}

	

	return;

}





// 更新

function update( $fm ){

	

	$db = new Class_DB;

	

	$sql = "UPDATE M_STAFF SET 

login_id = '" . $fm['login_id'] . "', 

login_pass = '" . $fm['login_pass'] . "',

staff_name = '" . $fm['staff_name'] . "',

email = '" . $fm['email'] . "',

status = '" . $fm['status'] . "',

u_date = CURRENT_TIMESTAMP 

WHERE staff_id = $fm[staff_id]";

	

	$db->query( $sql );

	

	$sql=  "DELETE FROM D_STAFFAUTH WHERE staff_id = $fm[staff_id]";

	$db->query( $sql );



	foreach( $fm['auth'] as $k => $v ){

		$sql = "INSERT INTO D_STAFFAUTH(staff_id, auth_cd) VALUES($fm[staff_id], '$v')";

		$db->query( $sql );

	}



	return;

}

?>